Updated: Comment #57
One-time login (password reset) links expired after a fixed amount of time--24 hours (86400 seconds)--and sites were unable to customize this value without hacking core.
Support user password reset link expiration time as variable (D7) or config (D8) value.
The expiration of user reset links are now configurable.
In Drupal 7:
user_password_reset_timeout variable (i.e. in settings.php, or strongarm):
$conf['user_password_reset_timeout'] = '604800';
In Drupal 8:
User interface changes
Original report by izmeez
Note: Changing user_password_reset_timeout does affect the expiration date of one-time-login links that have already been sent. This is because the link contains the time it was generated not the time it expires. Expiration is checked based on the current user_password_reset_timeout value when the link is followed.
When users are authenticated or request a new password they receive a url link that expires in 24 hours. This time limit is set by the value $timeout = 86400 (in seconds) in modules/user/user.pages.inc
What is the best way to change this value? I am reluctant to simply edit the core file but cannot find any other way to change this.
Can a patch be created to change this so that it can be applied to the current release and to any updates when released? Di I need a CVS install to create a patch or is there a way to create the patch with the standard install?
Any help would be appreciated. Thanks,
PASSED: [[SimpleTest]]: [MySQL] 49,314 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 49,381 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 42,175 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 40,631 pass(es).
PASSED: [[SimpleTest]]: [MySQL] 39,163 pass(es).